[Rule Tuning]: Fix threat_index and filters in Rapid7 CVE rule (#3800)

* Fix index and filters in Rapid7 CVE rule

* change updated date

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Krishna Chaitanya Reddy Burri
2024-06-21 00:47:06 +05:30
committed by GitHub
parent c20318d0d0
commit e9d7ddfa35
@@ -2,7 +2,7 @@
creation_date = "2024/05/29"
integration = ["ti_rapid7_threat_command"]
maturity = "production"
updated_date = "2024/06/12"
updated_date = "2024/06/20"
[rule]
author = ["Elastic"]
@@ -76,7 +76,7 @@ tags = [
"Use Case: Asset Visibility",
"Use Case: Continuous Monitoring",
]
threat_index = ["logs-ti_rapid7_threat_command_latest.ioc"]
threat_index = ["logs-ti_rapid7_threat_command_latest.vulnerability"]
threat_indicator_path = "rapid7.tc.vulnerability"
threat_language = "kuery"
threat_query = """
@@ -90,16 +90,16 @@ vulnerability.id : *
'''
[[rule.threat_filters]]
[[rule.filters]]
[rule.threat_filters."$state"]
[rule.filters."$state"]
store = "appState"
[rule.threat_filters.meta]
[rule.filters.meta]
disabled = false
key = "rapid7.tc.vulnerability.id"
negate = true
type = "exists"
[rule.threat_filters.query.exists]
[rule.filters.query.exists]
field = "rapid7.tc.vulnerability.id"
[[rule.threat_mapping]]
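Review bot: The negated `exists` filter on `rapid7.tc.vulnerability.id` now lives under `[[rule.filters]]`, so it is applied to the rule's source indices rather than the threat index, yet nothing in the file explains why a Threat Command field is being excluded from the source side; if the purpose is to keep the `ti_rapid7_threat_command` vulnerability documents from matching themselves when the source query is broad, that intent should be recorded next to the filter. A line such as `# Exclude Rapid7 Threat Command vulnerability docs from the source side so the threat index cannot match itself` above `[[rule.filters]]` would do, with the caveat that the detection-rules tooling re-serialises these files and may not preserve `#` comments, in which case the rationale belongs in the rule's `note` or description instead. Moving the block also leaves no `threat_filters` at all, so the threat side is narrowed only by `threat_query`; it is worth confirming that query alone keeps stale or non-CVE entries out of the join, since the `[[rule.threat_mapping]]` it feeds begins on the last line of the hunk and its contents are not visible here.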